The Audit & Risk Recruitment are exclusively working with a Global Risk Management Consultancy to help them find an Information Security Risk Manager.
You will be reporting to the Head of Risk and Compliance and as a member of this team you will be working alongside other risk and compliance specialists, helping the business to identify, assess and mitigate risks. The team work extensively with industry best practice frameworks and look for opportunities to collaborate with the delivery teams in order to align internal practices with the advice that they provide to external clients.
Reporting to the Head of Risk & Compliance, you will be responsible for day-to-day management of the information security governance programme and any associated R&C-led projects and workstreams. In addition to your work with other members of the R&C team you will work very closely with the Head of IT and IT Security Operations function.
In this role, you will:
- Lead an annual enterprise-wide information security risk assessment, coordinating input from relevant parties including IT, Digital, Cyber and other departments as needed.
- Work closely with members of the IT and Digital teams to ensure an aligned and collaborative approach to areas of crossover between these teams and the R&C team.
- Build and maintain positive stakeholder relationships at all levels of the organisation as well as with key external stakeholders (including clients, certification bodies and external consultants).
- Prepare quarterly information security updates for the Head of R&C to include in reports for the Risk Committee and other Senior Leadership Team forums.
- Oversee all information security incident response planning, providing training to relevant stakeholders and running simulated exercises at planned intervals – to be aligned with current and developing threats.
- Oversee the delivery of a company-wide information security training programme, making use of third-party training platforms as appropriate.
- Provide guidance to the data protection function (managed jointly between R&C and Legal) in relation to information security requirements; maintain sufficient level of understanding and awareness in relation to GDPR and other applicable data protection regulations in order to do so.
- Be an active member of the Information Security Steering Group; contribute towards the agenda and other supporting materials for monthly meetings.
- Review the existing vendor management processes, working with key stakeholders in R&C, IT and other Central Departments to find ways to improve and streamline the process in line with industry best practice.
- Play a leading role in the implementation and eventual external certification of an ISO 27001 compliant Information Security Management System (ISMS).
- Work with the R&C Internal Audit (IA) function to enable a risk-based approach to information security audit.
- Represent the R&C team on all digital project working groups and other technology related forums.
- Provide information security advice and support to digital projects and other workstreams, encouraging a ‘security by design’ approach.Review information security requirements in client contracts and/or as part of the RFI/RFP process, coordinating the response where appropriate.
- Undertake any other responsibilities, tasks and projects as needed in line with R&C team and wider business requirements.
Requirement for the role
- 5+ years in an information security role, with at least 3 years of infosec risk management experience.
- A recognised information security certification – CISM, CISSP or equivalent.
- Experience of working collaboratively with SecOps and other technical colleagues to drive information security improvements.
- Experience of participating in multi-stakeholder technical projects / initiatives.
- A good general knowledge of IT technical security operations including Cloud Technology best practice.
- Experience of managing technology (operational) risk is desirable but not essential.
- In-depth knowledge and practical experience of information / cyber security frameworks (especially ISO 27001 and NIST).
- Big 4 / Top 10 experience preferred.